The SMB safety model
SMBs do not have the headcount to manage agents manually across every team. Pinksheep keeps rollout safe by default with approvals, scoped access, full visibility, and spend control built in from the start.
The model has four layers: approve before it acts, scoped access, full visibility, and spend caps. Together they let lean teams launch agents without giving up control.
Approve before it acts
If an action could change data or send something externally, you can review it before it happens.
Scoped access
Each agent gets only the tools and permissions it needs for the job. Keep access narrow and specific.
Full visibility
Every action, approval, and cost is logged so the team can always review what happened.
Spend caps
Set a limit per agent or team so rollout stays controlled as usage grows.
Approve before it acts
The most important control is simple: your agent asks before it acts. If it wants to change data or send something externally, you can review it first.
What you see in the approval request:
- Which tool the agent wants to use, such as Salesforce, Zendesk, or QuickBooks
- Which record or item it wants to update
- What it wants to change
- Why it is proposing that action
- What the run will cost before it happens
What happens next:
- Approve: The agent takes the action and logs what happened.
- Reject: The agent does not proceed. The decision is visible so the team can adjust the brief or tighten the boundaries.
As trust builds, you can loosen only the lowest-risk actions. Keep customer-facing or financial changes reviewable.
Scoped access
Connect each agent only to the tools and actions it needs. Keep access specific to the job so the first rollout stays easy to review and easy to trust.
| Stack | Scoped access example | What is blocked |
|---|---|---|
| Salesforce | Read leads, write lead owner field | Cannot delete records or change permissions |
| Zendesk | Read tickets, write ticket status and priority | Cannot delete tickets or change account settings |
| QuickBooks | Read invoices, write invoice status | Cannot delete transactions or change bank connections |
| Slack | Read messages, write to specific channels | Cannot archive channels or change workspace settings |
Full visibility
Every action, approval, and cost is logged. You can always go back and see what happened, what was approved, and what it cost.
What you can review:
- Every proposed action (what the agent wanted to do)
- Every approval or rejection (who approved or rejected, and when)
- Every executed action (what changed, in which system)
- Every error or failure (what went wrong, and why)
- Every spend event (how much the agent cost, per action)
This gives the team a shared record for review, troubleshooting, and ongoing improvement after launch.
Spend control
Set a hard spend limit per agent or per team. When an agent hits the cap, it pauses until someone reviews it.
How spend caps work:
- Set a cap per agent
- Set a cap across a team if needed
- When an agent hits the cap, it pauses
- Review usage, raise the cap if needed, or tighten the brief to reduce cost
- Resume only after review
Spend caps keep rollout controlled for lean teams. You can see cost before a run happens, then review how spend changes over time.
Frequently asked questions
Who is responsible when there is no AI team?
One rollout owner sets approvals, access, and spend caps. Department leads review agent actions in their area. The platform keeps every action visible so responsibility stays clear.
Can we deploy agents without approvals initially?
Start with approvals on before the first agent goes live. Once a narrow agent is trusted, you can loosen only the lowest-risk actions. Keep customer-facing or financial changes reviewable.
How do we prevent agents from accessing data they should not touch?
Connect each agent only to the tools and actions it needs. Keep access narrow, reviewable, and specific to the job. The first rollout should never start with broad admin access.
What happens if an agent hits the spend cap?
The agent pauses when it hits the cap. You can review usage, decide whether to raise the cap, or refine the agent before it runs again.